OWASP Top 10

• What strange text file is in the website root directory?

drpepper.txt

• How many non-root/non-service/non-daemon users are there?

0

• What user is this app running as?

www-data

• What is the user's shell set as?

/usr/sbin/nologin

• What version of Ubuntu is running?

18.04.4

• Print out the MOTD.  What favorite beverage is shown?

Dr Pepper

• What is the flag that you found in darren's account?

fe86079416a21a3c99937fea8874b667

• What is the flag that you found in arthur's account?

d9ac0f7db4fda460ac3edeb75d75e16e

• What is the name of the mentioned directory?

/assets

• Navigate to the directory you found in question one. What file stands out as being likely to contain sensitive data?

webapp.db

• Use the supporting material to access the sensitive data. What is the password hash of the admin user?

6eea9b7ef19179a06954edd0f6c05ceb

• Crack the hash.

What is the admin's plaintext password? 

qwertyuiop

• Login as the admin. What is the flag?

THM{Yzc2YjdkMjE5N2VjMzNhOTE3NjdiMjdl}

• Full form of XML

Extensible Markup Language

• Is it compulsory to have XML prolog in XML documents?

no

• Can we validate XML documents against a schema?

yes

• How can we specify XML version and encoding in XML document?

XML prolog

• How do you define a new ELEMENT?

!ELEMENT

• How do you define a ROOT element?

!DOCTYPE

• How do you define a new ENTITY?

!ENTITY

• What is the name of the user in /etc/passwd

falcon

• Where is falcon's SSH key located?

/home/falcon/.ssh/id_rsa

• What are the first 18 characters for falcon's private key

MIIEogIBAAKCAQEA7

• Look at other users notes. What is the flag?

flag{fivefourthree}

• Hack into the webapp, and find the flag!

thm{4b9513968fd564a87b28aa1f9d672e17}

• Navigate to http://MACHINE_IP/ in your browser and click on the "Reflected XSS" tab on the navbar; craft a reflected XSS payload that will cause a popup saying "Hello".

ThereIsMoreToXSSThanYouThink

• On the same reflective page, craft a reflected XSS payload that will cause a popup with your machines IP address.

ReflectiveXss4TheWin

• Now navigate to http://MACHINE_IP/ in your browser and click on the "Stored XSS" tab on the navbar; make an account.

Then add a comment and see if you can insert some of your own HTML.

HTML_T4gs

• On the same page, create an alert popup box appear on the page with your document cookies.

W3LL_D0N3_LVL2

• Change "XSS Playground" to "I am a hacker" by adding a comment and using Javascript.

websites_can_be_easily_defaced_with_xss

• Who developed the Tomcat application?

The Apache Software Foundation

• What type of attack that crashes services can be performed with insecure deserialization?

Denial of Service

• if a dog was sleeping, would this be:

A) A State
B) A Behaviour 

A Behaviour

• What is the name of the base-2 formatting that data is sent across a network as? 

Binary

• If a cookie had the path of webapp.com/login , what would the URL that the user has to visit be?

webapp.com/login

• What is the acronym for the web technology that Secure cookies work over?

HTTPS

• 1st flag (cookie value)

THM{good_old_base64_huh}

• 2nd flag (admin dashboard)

THM{heres_the_admin_flag}

• flag.txt

4a69a7ff9fd68

• How many characters are in /etc/passwd (use wc -c /etc/passwd to get the answer)

1611

• What IP address is the attacker using?

49.99.13.16

• What kind of attack is being carried out?

Brute Force